T-Mobile Data Breach – Or Not…

Just last Saturday, June 6th, there was a new posting on the Full Disclosure mailing list from a source that calls themselves pwnmobile (at least that’s part of their email address). In the post, pwnmobile claims they have harvested information from T-Mobile USA’s servers. The data they claim to have acquired is:

various databases

confidential documents

scripts

applications

Interestingly enough, the poster of the message stated that they supposedly approached T-Mobile’s competitors, but there was no interest, and now the data will be sold to the highest bidder. T-Mobile USA, the subsidiary of Deutsche Telekom AG, is currently investigating this claim and, if it is found to be true, will contact their customers according to breach notification laws. T-Mobile USA’s 32.8 million contract customers make up 81% of their total customer base, and to that you can add 36,000 employees. If there truly was a breach of this magnitude, then depending on the findings regarding the source of the breach, it could be costly for the carrier.

So far, the only evidence pwnmobile has shown of breaching T-Mobile USA’s systems is a set of system logs that could have been copied by one or more employees or contractors working for the carrier. This would not indicate a data breach by any means and could simply be a ploy to “take the money and run.”

The pwnmobile safe-mail email address is a good place to start in discovering the identity of the person or group that made the post. According to safe-mail, “We can access data and/or delete an account *only* according to the Terms and Conditions in the Agreement.” Those terms clearly state:

“You may use Safe-mail in ANY legal way for your personal, business or other needs.”

The terms also state:

“You may not use Safe-mail in a way that is threatening, harmful, or invasive of the rights of other; for spamming, chain letters, pyramid schemes, junk mail, unsolicited advertising or bulk e-mail; or otherwise in a way that is damaging, offensive, or that creates a nuisance. Disguising the origin of transmitted content is prohibited. You agree to abide by all laws and regulations applicable to this agreement and use of the e-mail system. This agreement is made under and shall be construed according to the laws of the State of Israel and Israel’s courts will have exclusive jurisdiction over any dispute related to the system or this agreement.”

With increased international collaboration regarding cybercrimes, regardless of whether they are committed across borders or within a country’s own borders, the pressure is on for the criminals. The old adage, “You can run, but you can’t hide,” is slowly but surely starting to make more headway.